As it is generally known, authentication is the process of determining whether someone or something is, in fact, who or what it is declared to be. While basic authentication techniques (e.g. username/password combinations) are sufficient for many transactions, it is often desirable to impose more sophisticated processes on authentication requests that are deemed to be relatively high risk. In order to determine the specific type of authentication processing to be used to process individual authentication requests, adaptive authentication systems assign a risk score to each request. The risk score represents the risk that the request is fraudulent, i.e. the risk that the person or entity requesting authentication is an imposter. Based on a request's risk score, adaptive authentication systems select appropriate authentication processes to be applied to the request. Requests with relatively higher risk scores are processed using relatively more sophisticated authentication techniques that are more likely to ensure that a fraudulent request is not approved, while requests with lower risk scores are processed using more basic authentication processes.